Unanswered Question
Oct 9th, 2007
User Badges:

Hi all, when I see my pc's on the network broadcasting on say on ethereal, what exactly are they looking for, and when sending it on the broadcast address, are pc's etc designed to reply to this ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Jagdeep Gambhir Tue, 10/09/2007 - 07:10
User Badges:
  • Red, 2250 points or more


Most likely it is a ARP request where machines are trying to get info of other host so that it can send the traffic.

ARP is used in four cases of two hosts communicating:

1. When two hosts are on the same network and one desires to send a packet to the other

2. When two hosts are on different networks and must use a gateway/router to reach the other host.

3. When a router needs to forward a packet for one host through another router.

4. When a router needs to forward a packet from one host to the destination host on the same network.

The first case is used when two hosts are on the same physical network (that is, they can directly communicate without going through a router). The last three cases are the most used over the Internet as two computers on the internet are typically separated by more than 3 hops.



paul.matthews Tue, 10/09/2007 - 07:53
User Badges:
  • Silver, 250 points or more

That's not ARP! Arp is aimed at an IP *UNICAST* address - the target address for the ARP request. an ARP request is sent to a L2 broadcast address.

IP Broadcasts will probably be sourced by some application. These broadcasts could be any application that is trying to find some kind of peer. You need to look into what the content of the packet is.

As for arp - I suggest you do a little digging on when arp is used, as I think you have a pretty fundamental misunderstanding.


Kevin Dorrell Tue, 10/09/2007 - 07:44
User Badges:
  • Green, 3000 points or more

You say the target address is, so it is a subnet broadcast. These are not ARP requests. They are most likely to be broadcasts for Network Neighborhood discovery etc. Are they UDP/135, UDP/137 perhaps, or port 445? If so, they are Micro$oft stuff.

Kevin Dorrell



This Discussion